Tips Avoid Getting Hooked in Phishing Scams

Aug 29, 2011

Whether in the form of fraudulent emails, falsified websites or deceptive text messages, cybercriminals are casting a wider phishing net in the hopes of obtaining personal information from unsuspecting consumers. Experian's ProtectMyID recently commissioned a survey to understand the implications of cybercriminals' phishing expeditions. The findings indicate many consumers are being "hooked."

"Phishing is essentially an attempt by cybercriminals and identity thieves to obtain sensitive information by masquerading as a legitimate and trustworthy source," said Jennifer Leuer, senior vice president of Experian Consumer Direct, which owns ProtectMyID. "While many Americans understand the risks, the survey revealed they are unknowingly putting themselves in jeopardy of identity theft."

Masked as legitimate companies or government entities, cybercriminals often use scare tactics to lure people into providing personal information such as financial account numbers, Social Security numbers, birth dates or other private data to thieves. According to survey results, 22 percent of respondents would readily supply their personal information requested in an email from one or more of the following sources: bank, credit union, charitable cause, credit card company or national/state government agency.

Other findings indicate that while many consumers assume they are taking the appropriate measures to protect themselves, they are in fact falling into carefully designed phishing traps. For instance, 32 percent of respondents would click on the website addresses in an email to verify the source. What they don't know, however, is that they are more than likely being led to a fraudulent site set up to trick them into providing personal information.

To help consumers avoid being hooked by phishing traps this summer, Experian's ProtectMyID offers the following tips:

Do:

Use strong spam filters to minimize the amount of unwanted and unsolicited emails you receive. Thieves count on you being bombarded with too many emails and being too distracted to notice anything being "phishy."

Use a trusted URL checker to confirm the legitimacy of any new Website you see in an email or wish to visit.

Make sure you are at the Website you really want and that you have a secure connection for any financial dealings. Look for the "https," security certificate and yellow padlock when providing personal information to a Website.

Update firewall, antispyware programs and operating system patches. These are necessary to block access to your computer from the Internet and to protect against known exploits used by hackers. If you don't update frequently, you become vulnerable very quickly.

Check emails for misspellings, poor grammar and/or odd phrases.

Don't:

Respond or reply to emails asking to confirm any type of personal or financial information.

Click on any links contained in these types of emails. More than likely, they will lead to a fraudulent site set up to fool you into providing personal information, or they may install a virus or Trojan to steal your information.